CVE-2024-10501 | ESAFENET CDG 5 ExamCDGDocService.java findById id sql injection

Inserito da Angelo Barbosa | Ott 29, 2024 | CVE

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-10501. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10501 | ESAFENET CDG 5 ExamCDGDocService.java findById id sql injection

Post correlati

CVE-2023-41998 | Arcserve UDP up to 9.1 com.ca.arcflash.rps.webservice.RPSService4CPMImpl unrestricted upload

CVE-2024-7020 | Google Chrome up to 123.0.6312.122 Autofill ui layer (Issue 400760)

CVE-2024-35889 | Linux Kernel up to 6.8.4 idpf_rx_process_skb_fields denial of service (b4d28f7fa4dd/dd19e827d63a)

CVE-2024-29140 | Matt Manning MJM Clinic Plugin up to 1.1.22 on WordPress cross site scripting